Recommendations are AI-generated remediation actions produced after you complete an assessment. Each recommendation targets a specific control gap identified by your answers, and the full list is ranked so that the highest-impact items appear first.
How Recommendations Are Generated
When you complete all categories in a framework, Ayliea analyzes your answers and generates a prioritized list of recommendations. Each recommendation addresses a specific question where your response indicated a gap — a missing control, an incomplete implementation, or a practice that is not yet documented or tested.
Recommendations are ranked by impact, which takes into account:
- Category weight — gaps in higher-weight categories produce recommendations with greater impact on your overall score
- Point gap — the difference between what you earned and the maximum possible for that question
- Control criticality — certain controls are flagged as high-priority by the framework publisher
The result is a list where fixing the top item moves your score more than fixing any other single item.
Recommendation Detail
Each recommendation includes:
- Title — the specific control or practice being addressed
- Framework mapping — which framework category and control the recommendation belongs to
- Priority level — Critical, High, Medium, or Low, based on impact rank
- Implementation guidance — step-by-step remediation playbook describing how to implement the control
- Effort estimate — a rough estimate of the implementation complexity
Filtering and Navigation
The Recommendations screen supports filtering by:
- Priority — view Critical or High items only to focus your immediate effort
- Category — filter to recommendations within a specific control domain
- Status — filter to open, in progress, or completed items
Use the search bar to find recommendations by keyword if you are looking for a specific control.
Tracking Progress
Each recommendation has a status that you update as you work through your remediation backlog:
| Status | Meaning |
|---|
| Open | Not yet started |
| In Progress | Work has begun |
| Completed | Control implemented |
| Accepted Risk | Control acknowledged but not implemented; risk formally accepted |
Assigning Recommendations
On Organization accounts, recommendations can be assigned to specific team members. Assignments are visible to all members of the organization, making it easy to divide remediation work across your team without losing track of ownership.
Notes and Evidence
Each recommendation has a notes field where you can record implementation decisions, link to tickets or change requests, or note caveats about your implementation approach. Notes are visible to all organization members with access to the assessment.
After implementing a recommendation, re-answer the associated question in the assessment to see your score update in real time. Recommendations marked Completed that still have the original low-scoring answer will not improve your score until the assessment answer is updated.
Cross-Framework Recommendations
If you have completed multiple framework assessments, Ayliea surfaces recommendations that address gaps appearing across more than one framework. Fixing a single control gap that appears in both your NIST CSF and ISO 27001 assessments improves both scores simultaneously. 
